Check for buffer and string overflow more precisely.

* buffer.h (BUF_BYTES_MAX): New macro. * lisp.h (STRING_BYTES_MAX): New macro. * alloc.c (Fmake_string): * character.c (string_escape_byte8): * coding.c (coding_alloc_by_realloc): * doprnt.c (doprnt): * editfns.c (Fformat): * eval.c (verror): Use STRING_BYTES_MAX, not MOST_POSITIVE_FIXNUM, since they may not be the same number. * editfns.c (Finsert_char): * fileio.c (Finsert_file_contents): Likewise for BUF_BYTES_MAX.
author: Paul Eggert 2011-06-03 19:49:51 -0700
committer: Paul Eggert 2011-06-03 19:49:51 -0700
commit: edaa182249601b0f7ee36f9863243b6919943982 (patch)
tree: 1e399289df34c433f0471efdfb8a6da4ab05ac25 /src/editfns.c
parent: c6c3615fb23e438701da089110b645fc771f8087 (diff)
download: emacs-edaa182249601b0f7ee36f9863243b6919943982.tar.gz
emacs-edaa182249601b0f7ee36f9863243b6919943982.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/editfns.c b/src/editfns.c
index b18a35fe295..b7951c45fac 100644
--- a/src/editfns.c
+++ b/src/editfns.c
@@ -2341,7 +2341,7 @@ from adjoining text, if those properties are sticky.  */)
    len = CHAR_STRING (XFASTINT (character), str);
  else
    str[0] = XFASTINT (character), len = 1;
-  if (MOST_POSITIVE_FIXNUM / len < XINT (count))
+  if (BUF_BYTES_MAX / len < XINT (count))
    error ("Maximum buffer size would be exceeded");
  n = XINT (count) * len;
  if (n <= 0)
@@ -3588,7 +3588,7 @@ usage: (format STRING &rest OBJECTS)  */)
  char initial_buffer[4000];
  char *buf = initial_buffer;
  EMACS_INT bufsize = sizeof initial_buffer;
-  EMACS_INT max_bufsize = min (MOST_POSITIVE_FIXNUM + 1, SIZE_MAX);
+  EMACS_INT max_bufsize = STRING_BYTES_MAX + 1;
  char *p;
  Lisp_Object buf_save_value IF_LINT (= {0});
  register char *format, *end, *format_start;
author	Paul Eggert	2011-06-03 19:49:51 -0700
committer	Paul Eggert	2011-06-03 19:49:51 -0700
commit	edaa182249601b0f7ee36f9863243b6919943982 (patch)
tree	1e399289df34c433f0471efdfb8a6da4ab05ac25 /src/editfns.c
parent	c6c3615fb23e438701da089110b645fc771f8087 (diff)
download	emacs-edaa182249601b0f7ee36f9863243b6919943982.tar.gz emacs-edaa182249601b0f7ee36f9863243b6919943982.zip

diff --git a/src/editfns.c b/src/editfns.c index b18a35fe295..b7951c45fac 100644 --- a/src/editfns.c +++ b/src/editfns.c
@@ -2341,7 +2341,7 @@ from adjoining text, if those properties are sticky. */)
2341	len = CHAR_STRING (XFASTINT (character), str);	2341	len = CHAR_STRING (XFASTINT (character), str);
2342	else	2342	else
2343	str[0] = XFASTINT (character), len = 1;	2343	str[0] = XFASTINT (character), len = 1;
2344	if (MOST_POSITIVE_FIXNUM / len < XINT (count))	2344	if (BUF_BYTES_MAX / len < XINT (count))
2345	error ("Maximum buffer size would be exceeded");	2345	error ("Maximum buffer size would be exceeded");
2346	n = XINT (count) * len;	2346	n = XINT (count) * len;
2347	if (n <= 0)	2347	if (n <= 0)
@@ -3588,7 +3588,7 @@ usage: (format STRING &rest OBJECTS) */)
3588	char initial_buffer[4000];	3588	char initial_buffer[4000];
3589	char *buf = initial_buffer;	3589	char *buf = initial_buffer;
3590	EMACS_INT bufsize = sizeof initial_buffer;	3590	EMACS_INT bufsize = sizeof initial_buffer;
3591	EMACS_INT max_bufsize = min (MOST_POSITIVE_FIXNUM + 1, SIZE_MAX);	3591	EMACS_INT max_bufsize = STRING_BYTES_MAX + 1;
3592	char *p;	3592	char *p;
3593	Lisp_Object buf_save_value IF_LINT (= {0});	3593	Lisp_Object buf_save_value IF_LINT (= {0});
3594	register char format, end, *format_start;	3594	register char format, end, *format_start;